The following comment contains detailed information about a few issues
that were identified during a recent security analysis of 13 W3C
standards, organized by ENISA (European Network and Information Security
Agency), and performed by the DistriNet Research Group (K.U. Leuven,
Belgium).
The complete report is available at http://www.enisa.europa.eu/html5
(*), and contains information about the process, the discovered
vulnerabilities and recommendations towards improving overall security
in the studied specifications.
Issues
--------
HTML5EL-SECURE-2.Menu Integration: A web application can define
contextual and toolbar menus. The specification does not mention many
implementation details. A user agent may implement integrate these menus
with its own user interface, especially on small displays such as
smartphones. This may confuse a user and may present malicious or
erroneous menu items.
HTML5EL-SECURE-3.Keygen Scenarios: The specification does not provide
enough details about the keygen element. No concrete usage scenarios
(from keygen to actual use of the key) or implementation requirements
(e.g. storage of private keys) are provided.
HTML5EL-USER-1.Overriding Sandbox: Sandboxed content is not allowed to
load plugin content. The specification of the embed element however
states that a user agent may allow the user to override this for a
specific content item, but the user agent should warn the user that this
could be dangerous. The override option is only briefly mentioned as
part of the description of the embed element, but is also an important
aspect of the sandbox attribute. The spec should either mention this
with the sandbox attribute or refer to the embed element.
(*) HTML version of the report is available as well:
https://distrinet.cs.kuleuven.be/projects/HTML5-security/
--
Philippe De Ryck
K.U.Leuven, Dept. of Computer Science
Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm